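#!/bin/bash
#
# Provision two test accounts on an SDC headnode ("test_user" and
# "test_oper", the latter made an operator), generate SSH keys for them
# under ./keys, and write a sourceable env.sh next to this script with
# the CloudAPI/Manta settings the tests need.
#
# Required tools: ssh, scp, ssh-keygen, json (local); sdc-useradm,
# sdc-ldap, sdc-sapi, vmadm (on the headnode).
#
set -o errexit
set -o pipefail

# Headnode on which the sdc-* tooling is run (via ssh).
host=reshard

# Directory this script lives in; keys/ and env.sh are created beside it.
dir=$(cd "$(dirname "$0")" && pwd)

# Quoted so a script path containing whitespace does not split the argument.
mkdir -p "$dir/keys"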
#######################################
# Print the on-disk path of a generated key.
# Globals:   dir (read)
# Arguments: $1 - key name (e.g. "regular", "operator")
# Outputs:   "$dir/keys/<name>" followed by a newline on stdout
#######################################
function key_path {
  local keyfile="$dir/keys/$1"
  printf '%s\n' "$keyfile"
}
#######################################
# Print the MD5 fingerprint of a generated key, without the "MD5:" prefix.
# Globals:   dir (read)
# Arguments: $1 - key name under $dir/keys
# Outputs:   bare hex fingerprint (colon separated) on stdout
# Returns:   status of the ssh-keygen pipeline (pipefail is set at the top)
#######################################
function key_fp {
  local keyfile="$dir/keys/$1"
  # ssh-keygen -l prints "<bits> MD5:<fp> <comment> (<type>)"; the second
  # field is kept and the "MD5:" prefix stripped so the value can be
  # compared against the key lists this script reads elsewhere.
  ssh-keygen -l -f "$keyfile" -E md5 \
    | awk '{ print $2 }' \
    | sed 's/MD5://'
}
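#######################################
# Generate an RSA key pair under $dir/keys unless it already exists.
# Globals:   dir (read)
# Arguments: $1 - key name; files <name> and <name>.pub are created
# Returns:   0 if the key already existed or was created; the failing
#            command's status otherwise
#######################################
function make_key {
  local n=$1
  local f="$dir/keys/$n"
  local dt

  # Idempotent: an existing private key is never regenerated.
  if [[ -f "$f" ]]; then
    return 0
  fi

  # Assign separately from 'local' so a failing date is not masked
  # (the status of 'local' is 0 regardless of the substitution).
  dt=$(/usr/bin/date -u +%Y-%m-%d_%H:%M:%S) || return

  # -N '' writes an unencrypted private key: these are throwaway test
  # credentials, so keep the keys/ directory out of version control.
  ssh-keygen -b 2048 -t rsa -N '' -C "${n}_${dt}" -f "$f"
}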
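#######################################
# Ensure an account exists, creating it with sdc-useradm if necessary.
# Globals:   host (read)
# Arguments: $1 - login name
# Outputs:   progress on stdout; when the account already exists the
#            record printed by "sdc-useradm get" passes through to stdout
# Returns:   0 on success; exits 1 if the account cannot be created
#######################################
function make_user {
  local u=$1
  # NOTE(review): fixed test-only password. It is passed on the remote
  # command line, so it is visible in ps output / shell history on the
  # headnode; acceptable for a throwaway test account, not for real ones.
  local password='whasdfijaisdfjaisdjfasdf1!'

  if ssh "$host" /opt/smartdc/bin/sdc-useradm get "$u"; then
    printf ' * user "%s" exists already\n' "$u"
    return 0
  fi

  printf ' * creating user "%s"\n' "$u"
  # ssh joins its arguments into a string the remote shell re-parses, so
  # local quoting protects only against local splitting; $u is always a
  # fixed login from this script.
  if ! ssh "$host" /opt/smartdc/bin/sdc-useradm create -A \
      login="$u" \
      email="$u+$(date +%s)@example.com" \
      userpassword="$password"; then
    # Diagnostics belong on stderr, not in the script's normal output.
    printf 'no user "%s"\n' "$u" >&2
    exit 1
  fi
  return 0
}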
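#######################################
# Add an account to the "operators" LDAP group if it is not a member yet.
# Globals:   host (read)
# Arguments: $1 - login name
# Outputs:   progress on stdout, failures on stderr
# Returns:   0 on success; exits 1 on any lookup or modify failure
#######################################
function make_operator {
  local u=$1
  local get
  local uuid
  local ldif

  #
  # Determine the UUID of the account in question:
  #
  if ! get=$(ssh "$host" /opt/smartdc/bin/sdc-useradm get "$u"); then
    printf 'could not look up user "%s"\n' "$u" >&2
    exit 1
  fi
  if ! uuid=$(json uuid <<< "$get") || [[ -z "$uuid" ]]; then
    printf 'no uuid found for user "%s"\n' "$u" >&2
    exit 1
  fi

  printf 'checking to see if %s (%s) is an operator\n' "$u" "$uuid"
  if ! ldif=$(ssh "$host" /opt/smartdc/bin/sdc-ldap search -s base \
      -b 'cn=operators, ou=groups, o=smartdc' uniquemember); then
    printf 'could not read the operators group\n' >&2
    exit 1
  fi

  # Quoted so an unexpected uuid value cannot split awk's -v argument.
  # '~' is a regex match; uuids contain only hex digits and dashes.
  if awk -v uuid="$uuid" '$1 == "uniquemember:" && $2 ~ uuid { f = 1 }
      END { if (!f) { exit(1); } }' <<< "$ldif"; then
    printf '%s (%s) is an operator already\n' "$u" "$uuid"
    return 0
  fi

  # Build the modify request with a literal format; only the uuid is data.
  # The trailing empty record terminates the entry with a blank line.
  ldif=$(printf '%s\n' \
      'dn: cn=operators, ou=groups, o=smartdc' \
      'changetype: modify' \
      'add: uniquemember' \
      "uniquemember: uuid=$uuid, ou=users, o=smartdc" \
      '')
  if ! ssh "$host" /opt/smartdc/bin/sdc-ldap modify <<< "$ldif"; then
    printf 'could not add %s (%s) to the operators group\n' "$u" "$uuid" >&2
    exit 1
  fi
  printf '%s (%s) is now an operator\n' "$u" "$uuid"
  return 0
}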
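#######################################
# Ensure a generated public key is registered on an account.
# Globals:   dir, host (read)
# Arguments: $1 - login name
#            $2 - key name under $dir/keys (the .pub file is uploaded)
# Outputs:   progress on stdout, failures on stderr
# Returns:   0 on success; exits 1 on any failure
#######################################
function key_in_account {
  local u=$1
  local f="$dir/keys/$2.pub"
  local remote="/tmp/pubkey.$$.pub"
  local fp
  local keylist

  # Assign separately from 'local' so a failing key_fp is not masked;
  # an empty fingerprint would otherwise never match and the key would
  # be re-uploaded every run.
  if ! fp=$(key_fp "$2") || [[ -z "$fp" ]]; then
    printf 'could not fingerprint key "%s"\n' "$2" >&2
    exit 1
  fi

  if ! keylist=$(ssh "$host" /opt/smartdc/bin/sdc-useradm keys "$u"); then
    printf 'could not list keys for account "%s"\n' "$u" >&2
    exit 1
  fi
  # Quoted so the fingerprint cannot split awk's -v argument.
  if awk -v k="$fp" '$2 == k { f = 1; } END { if (!f) { exit(1); } }' \
      <<< "$keylist"; then
    printf 'key %s appears in account %s already\n' "$fp" "$u"
    return 0
  fi

  # The public key is staged on the headnode only long enough to add it;
  # it is removed again (best effort) on both the success and failure path.
  if ! scp "$f" "$host:$remote"; then
    printf 'could not copy "%s" to %s\n' "$f" "$host" >&2
    exit 1
  fi
  if ! ssh "$host" /opt/smartdc/bin/sdc-useradm add-key "$u" "$remote"; then
    ssh "$host" rm -f "$remote" || true
    exit 1
  fi
  ssh "$host" rm -f "$remote" || true
  printf 'key %s added to account %s\n' "$fp" "$u"
  return 0
}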
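echo generating keys ...
make_key regular
make_key operator

echo creating test accounts ...
make_user test_user
key_in_account test_user regular
make_user test_oper
make_operator test_oper
key_in_account test_oper operator

echo getting details from environment ...
# CloudAPI address: the nics.1.ip field of the cloudapi0 zone per vmadm.
if ! cloudapi=$(ssh "$host" /usr/sbin/vmadm list -H -o nics.1.ip \
    alias=cloudapi0) || [[ -z "$cloudapi" ]]; then
  printf 'could not get CloudAPI IP\n' >&2
  exit 1
fi
if ! res=$(ssh "$host" /opt/smartdc/bin/sdc-sapi '/services?name=webapi'); then
  printf 'could not get "webapi" SAPI Service\n' >&2
  exit 1
fi
# These three values are secret key material (job-token AES IV/salt/key);
# they are held only in shell variables here and written to env.sh later.
if ! muskie_iv=$(json -Ha metadata.MUSKIE_JOB_TOKEN_AES_IV <<< "$res") ||
    ! muskie_salt=$(json -Ha metadata.MUSKIE_JOB_TOKEN_AES_SALT <<< "$res") ||
    ! muskie_key=$(json -Ha metadata.MUSKIE_JOB_TOKEN_AES_KEY <<< "$res"); then
  printf 'could not read MUSKIE_JOB_TOKEN_AES_* from "webapi" metadata\n' >&2
  exit 1
fi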
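printf 'generating %s ...\n' "$dir/env.sh"

# Resolve the key details once, up front: under errexit a failing key_fp
# aborts here instead of silently writing an env.sh with an empty key id.
key_id=$(key_fp regular)
operator_keyfile=$(key_path operator)
regular_keyfile=$(key_path regular)

# env.sh carries the MUSKIE_* secret material and test credentials, so it
# is created under a restrictive umask and forced to mode 0600 even when a
# previous run left a more permissive file behind.
umask_prev=$(umask)
umask 077
cat >"$dir/env.sh" <<EOF
unset TRITON_PROFILE
unset DOCKER_CERT_PATH
unset DOCKER_HOST
unset DOCKER_TLS_VERIFY
unset COMPOSE_HTTP_TIMEOUT
unset SDC_URL
unset SDC_ACCOUNT
unset SDC_USER
unset SDC_KEY_ID
unset SDC_TESTING
unset MANTA_URL
unset MANTA_USER
unset MANTA_KEY_ID
unset MANTA_TLS_INSECURE
unset MANTA_PROFILE
export MANTA_URL=http://localhost:8080
export MANTA_USER=test_user
export MANTA_KEY_ID=$key_id
export MANTA_TLS_INSECURE=1
export MUSKIETEST_OPERATOR_USER=test_oper
export MUSKIETEST_OPERATOR_KEYFILE=$operator_keyfile
export MUSKIETEST_REGULAR_KEYFILE=$regular_keyfile
export SDC_TESTING=1
export SDC_ACCOUNT=test_user
export SDC_KEY_ID=$key_id
export SDC_URL=https://$cloudapi
export MUSKIE_IV=$muskie_iv
export MUSKIE_KEY=$muskie_key
export MUSKIE_SALT=$muskie_salt
EOF
umask "$umask_prev"
chmod 600 "$dir/env.sh"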